PDA

View Full Version : Control Panel missing - Canceled due to restrictions...


wvmbark
2007-12-31, 19:40
I had AVG yet caught a nasty virus. I ran Windows LiveOne scan which cleared some of the mess and then installed McAfee. Now I'm having multiple problems including not being able to access control panel, system tasks, etc. Following instructions posted to various forums, I've created a HiJackThis log and am posting here hoping to get some help...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:40 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v7.00

(7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program

Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program

Files\CreataCard\Gold\FMRemind.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcpr

oxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqSTE08.exe
C:\Program

Files\SiteAdvisor\6172\SAService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.

exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program

Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Documents and

Settings\user\Desktop\Mike Barkley

Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=6

9157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=5

4896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=5

4896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=6

9157
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = Microsoft

Internet Explorer provided by Insight

Broadband
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -

{089FD14D-132B-48FC-8861-0048AE113215} -

C:\Program

Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: scriptproxy -

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

C:\Program

Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor -

{0BF43445-2F28-4351-9252-17FE6E806AA0} -

C:\Program

Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32

cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AGRSMMSG]

AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update]

C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [mcagent_exe]

C:\Program

Files\McAfee.com\Agent\mcagent.exe

/runkey
O4 - HKLM\..\Run: [ctfmona]

C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [SiteAdvisor]

C:\Program

Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\RunOnce: [RunOnceEx]

rundll32.exe

C:\WINDOWS\system32\iernonce.dll,RunOnce

ExProcess
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program

Files\Adobe\Acrobat

7.0\Reader\AdobeUpdateManager.exe

AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SCRABBLE Complete

Registration.lnk = C:\Documents and

Settings\user\Local

Settings\Temp\{FA4F4CE0-5560-4CF6-B8DE-F

0A8A16367A4}\{B36649A3-D0DD-4706-B042-F5

B384529C7A}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed

Launch.lnk = C:\Program

Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk =

C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: CreataCard Gold 3

Forget Me Not Reminders Tray Icon.lnk =

C:\Program

Files\CreataCard\Gold\FMRemind.exe
O4 - Global Startup: Event Reminder.lnk

= C:\Program Files\PrintMaster

16\pmremind.exe
O4 - Global Startup: HP Digital Imaging

Monitor.lnk = C:\Program

Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled

Updates.lnk = C:\Program

Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk

= C:\Program Files\Quicken\QWDLLS.EXE
O7 -

HKLM\Software\Microsoft\Windows\CurrentV

ersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to

Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCE

L.EXE/3000
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.D

LL
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program

Files\Internet

Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF:

START_PAGE_URL=http://www.insightbb.com
O16 - DPF:

{5ED80217-570B-4DA9-BF44-BE107C0EC166}

(Windows Live Safety Center Base Module)

-

http://cdn.scan.onecare.live.com/resourc

e/download/scanner/wlscbase4009.cab
O20 - AppInit_DLLs:

C:\WINDOWS\system32\wowfx.dll
O23 - Service: McAfee Application

Installer Cleanup (0070021199118277)

(0070021199118277mcinstcleanup) -

McAfee, Inc. -

C:\DOCUME~1\user\LOCALS~1\Temp\007002~1.

EXE
O23 - Service: McAfee Services

(mcmscsvc) - McAfee, Inc. -

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent

(McNASvc) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.

exe
O23 - Service: McAfee Scanner (McODS) -

McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service

(McProxy) - McAfee, Inc. -

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcpr

oxy.exe
O23 - Service: McAfee Real-time Scanner

(McShield) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards

(McSysmon) - McAfee, Inc. -

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall

Service (MpfService) - McAfee, Inc. -

C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service -

Unknown owner - C:\Program

Files\SiteAdvisor\6172\SAService.exe

--
End of file - 6690 bytes

...any thoughts or suggestions??? Any help would be greatly appreciated!!!
Blade81
2008-01-09, 21:01
Hi

I'm sorry you had to wait so long.

If you still need help post a fresh hjt log (ensure that notepad's word wrap is disabled to make log appear without those gaps between entries). :)
Blade81
2008-01-16, 22:19
Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.